|Publication number||US6005939 A|
|Application number||US 08/761,256|
|Publication date||Dec 21, 1999|
|Filing date||Dec 6, 1996|
|Priority date||Dec 6, 1996|
|Inventors||Keith Neil Fortenberry, Herman Rodriquez|
|Original Assignee||International Business Machines Corporation|
This invention relates generally to accessing public networks and, more particularly, to a method and apparatus for allowing access to an Internet web site.
As is known in the art, there is a trend to conduct business over public computer networks. For example, a user may want to make a purchase or conduct a transaction over a public computer network such as the Internet. To do so, the user accesses the public network through a network node (e.g. a web site) and makes a purchase/transaction request with a particular vendor who is also coupled to the public network via a web site. In response to the user requests, a vendor may request user information such as user name, address, social security number, credit card number, etc.
To continue the transaction, the user responds to the vendor by entering the requested information (e.g. name, address, social security number, credit card number, etc.) at the web site and transmitting the information to the vendor. After receiving the information, the vendor then completes the transaction.
One problem with this approach, however, is that if a user wants to make additional transactions or requests, the user is often required to re-enter the same information for each request. This can lead to mistakes being made in entering the information. This is true even if the information only needs to be entered once in response to a single request. Furthermore, there may be problems maintaining particularly sensitive user information (e.g. credit card number, social security number, etc.) in secret.
For example, to access information on an Internet home page (e.g. the IBM home page on the Internet), a user must specify via a menu selection the language (e.g. English, French, German, etc.) in which the user would like to communicate. Such information must be re-entered each time the same user accesses the IBM home page.
It would therefore be desirable to provide a technique for allowing a user to specify particular information once and have the information be used each time the user accesses any site on the public network.
In accordance with the present invention, a passport system includes a single repository of user information in a single format and a passport access provider for accessing the user information in the repository and for providing a user passport to a requestor. With this particular arrangement a consistent, secure and redundancy free technique for obtaining and maintaining user information at one or several sites on a public network is provided. The public network may correspond, for example, to the Internet and the sites may correspond to web sites on the Internet. The consistency, security and redundancy problems are overcome by encapsulating and integrating the user information into the single repository, storing the information in a single format and providing access to that information using a standard interface.
In accordance with a further aspect of the present invention, a method for establishing a passport includes the steps of (a) receiving, in a passport agent, a request from a user to establish a passport, (b) opening a secure communication channel between the passport agent and the user, (c) presenting, via the passport agent, a series of menus to the user in response to which the user enters information and (d) storing the user information as a passport in a passport database. With this particular arrangement, a method for allowing a user to access a plurality of public network sites is provided. In one embodiment, the method further includes the step of securing the passport data. For example, such a method may include the steps of assigning an encryption key to the user and transmitting a public key to the user to allow the user to release a passport from the database. Any particular site which requires particular user information can obtain the user information from the user's passport without having to prompt the user for the parameter each time the web site is visited. To protect the user's privacy, the method may optionally include the steps of assigning a particular security level to each item of user information stored in the passport. By assigning a security level a user can protect sensitive information from being indiscriminately disclosed while the passport still can be used to grant access to more public information. For example, if currently visiting the IBM home page on the Internet, the user must specify a language in which to communicate. Such a user parameter may now be specified in a user passport which is provided to the home page server. Thus, a user need no longer specify such a parameter.
The above and other features, objects and advantages of the invention will be better understood by referring to the following detailed description in conjunction with the accompanying drawing in which:
FIG. 1 is a block diagram of a computer system suitable for use with the present invention;
FIG. 2A is a schematic block diagram of a passport agent coupled to an Internet;
FIG. 2B is a conceptual schematic diagram of the interaction of a user system, passport agent server, and a vendor web site, in accordance with the present invention;
FIG. 3 is a diagrammatical representation of a passport packet;
FIG. 4 is a flow diagram illustrating the steps to register information in a passport agent; and
FIG. 5 is a flow diagram illustrating the steps in completing a transaction between a user and a vendor over an Internet using a passport.
FIG. 1 illustrates the system architecture for a computer system 100 such as an IBM PS/2®, on which the invention may be implemented. The exemplary computer system of FIG. 1 is for descriptive purposes only. Although the description may refer to terms commonly used in describing particular computer systems, such as an IBM PS/2 computer, the description and concepts equally apply to other systems, including systems having architectures dissimilar to FIG. 1.
Computer system 100 includes a central processing unit (CPU) 105, which may be implemented with a conventional microprocessor, a random access memory (RAM) 110 for temporary storage of information, and a read only memory (ROM) 115 for permanent storage of information. A memory controller 120 is provided for controlling RAM 110.
A bus 130 interconnects the components of computer system 100. A bus controller 125 is provided for controlling bus 130. An interrupt controller 135 is used for receiving and processing various interrupt signals from the system components.
Mass storage may be provided by diskette 142, CD ROM 147, or hard drive 152. Data and software may be exchanged with computer system 100 via removable media such as diskette 142 and CD ROM 147. Diskette 142 is insertable into diskette drive 141 which is, in turn, connected to bus 130 by a controller 140. Similarly, CD ROM 147 is insertable into CD ROM drive 146 which is, in turn, connected to bus 130 by controller 145. Hard disk 152 is part of a fixed disk drive 151 which is connected to bus 130 by controller 150.
User input to computer system 100 may be provided by a number of devices. For example, a keyboard 156 and mouse 157 are connected to bus 130 by controller 155. An audio transducer 196, which may act as both a microphone and a speaker, is connected to bus 130 by audio controller 197, as illustrated. It will be obvious to those reasonably skilled in the art that other input devices, such as a pen and/or tablet, may be connected to bus 130 and an appropriate controller and software, as required. DMA controller 160 is provided for performing direct memory access to RAM 110. A visual display is generated by video controller 165 which controls video display 170. Computer system 100 also includes a communications adaptor 190 which allows the system to be interconnected to a local area network (LAN) or a wide area network (WAN), schematically illustrated by bus 191 and network 195.
Operation of computer system 100 is generally controlled and coordinated by operating system software, such as the OS/2® operating system, available from International Business Machines Corporation, Boca Raton, Fla. The operating system controls allocation of system resources and performs tasks such as processing scheduling, memory management, networking, and I/O services, among other things.
In one embodiment, the passport methods of the present invention are implemented in the C++ programming language using object-oriented programming techniques. C++ is a compiled language. That is, programs are written in a human-readable script and this script is then provided to another program called a compiler which generates a machine-readable numeric code that can be loaded into, and directly executed by, a computer.
As described below, the C++ language has certain characteristics which allow a software developer to easily use programs written by others while still providing a great deal of control over the reuse of programs to prevent their destruction or improper use. The C++ language is well known and many articles and texts are available which describe the language in detail. In addition, C++ compilers are commercially available from several vendors including Borland International, Inc. and Microsoft Corporation. Accordingly, for reasons of clarity, the details of the C++ language and the operations of the C++ compiler will not be discussed further in detail herein.
As will be understood by those skilled in the art, Object-Oriented Programming (OOP) techniques involve the definition, creation, use and destruction of "objects." Objects are software entities comprising data elements, or attributes, and methods, or functions, which manipulate the data elements. The attributes and related methods are treated as a single entity and can be created, used and deleted as if they were a single item. Together, the attributes and methods enable objects to model virtually any real-world entity in terms of its behavior, which can be represented by its data manipulation functions. In this way, objects can model concrete things like people and computers, and they can also model abstract concepts like numbers or geometrical designs.
Objects are defined by creating "classes" which are not objects themselves, but which act as templates that instruct the compiler how to construct the actual object. A class may, for example, specify the number and type of data variables and the steps involved in the methods which manipulate the data. When an object-oriented program is compiled, the class code is compiled into the program, but no objects exist. Therefore, none of the variables or data structures in the compiled program exist or have any memory allotted to them. An object is actually created by the program at runtime by means of a special function called a constructor which uses the corresponding class definition and additional information, such as arguments provided during object creation, to construct the object. Likewise objects are destroyed by a special function called a destructor. Objects may be used by using their data and invoking their functions. When an object is created at runtime memory is allotted and data structures are created.
The principal benefits of object-oriented programming techniques arise out of three basic principles: encapsulation, polymorphism and inheritance. More specifically, objects can be designed to hide, or encapsulate, all, or a portion of, the internal data structure and the internal functions. More particularly, during program design, a program developer can define objects in which all or some of the attributes and all or some of the related functions are considered "private" or for use only by the object itself. Other data or functions can be declared "public" or available for use by other programs. Access to the private variables by other programs can be controlled by defining public functions for an object which access the object's private data. The public functions form a controlled and consistent interface between the private data and the "outside" world. Any attempt to write program code which directly accesses the private variables causes the compiler to generate an error during program compilation, which error stops the compilation process and prevents the program from being run.
Polymorphism is a concept which allows objects and functions which have the same overall format, but which work with different data, to function differently in order to produce consistent results. For example, an addition function may be defined as variable A plus variable B (A+B) and this same format can be used whether the A and B are numbers, characters or dollars and cents. However, the actual program code which performs the addition may differ widely depending on the type of variables that comprise A and B. Polymorphism allows three separate function definitions to be written, one for each type of variable (numbers, characters, and dollars). After the functions have been defined, a program can later refer to the addition function by its common format (A+B) and, at runtime, the program will determine which of the three functions is actually called by examining the variable types. Polymorphism allows similar functions which produce analogous results to be "grouped" in the program source code to produce a more logical and clear program flow.
The third principle which underlies object-oriented programming is inheritance, which allows program developers to easily reuse pre-existing programs and to avoid creating software from scratch. The principle of inheritance allows a software developer to declare classes (and the objects which are later created from them) as related. Specifically, classes may be designated as subclasses of other base classes. A subclass "inherits" and has access to all of the public functions of its base classes just as if these functions appeared in the subclass. Alternatively, a subclass can override some or all of its inherited functions or may modify some or all of its inherited functions merely by defining a new function with the same form (overriding or modification does not alter the function in the base class, but merely modifies the use of the function in the subclass). The creation of a new subclass which has some of the functionality (with selective modification) of another class allows software developers to easily customize existing code to meet their particular needs.
Referring now to FIG. 2A, a public network or internet 200 is coupled to a private network 202 through a fire wall server 204. As used herein, the term "internet" generally refers to any collection of distinct networks working together to appear as a single network to a user. The term "Internet", on the other hand, refers to the so-called world wide "network of networks" that are connected to each other using the Internet protocol (IP) and other similar protocols. The Internet provides file transfer, remote log in, electronic mail, news and other services.
As described herein, the exemplary public network of FIG. 2A is for descriptive purposes only. Although the description may refer to terms commonly used in describing particular public networks such as the Internet, the description and concepts equally apply to other public and private computer networks, including systems having architectures dissimilar to that shown in FIG. 2A.
One of the unique aspects of the Internet system is that messages and data are transmitted through the use of data packets called "data grams." In a data gram based network, messages are sent from a source to a destination in a similar manner to a government mail system. For example, a source computer may send a data gram packet to a destination computer regardless of whether or not the destination computer is currently online and coupled to the network. The Internet protocol (IP) is completely sessionless, such that IP data gram packets are not associated with one another.
The fire wall server 204 is a computer which couples the computers of a private network, e.g. network 202, to the Internet 200 and may thus act as a gatekeeper for messages and data grams going to and from the Internet 200. An Internet service provider 206 is also coupled to the Internet 200. A service provider is an organization that provides connections to a part of the Internet. Internet service provider 206 is also a computer which couples a plurality of users 208a-208N to the Internet 200. Thus, users 208 are coupled to the Internet through Internet service provider 206. Also coupled to the Internet are a plurality of web sites or nodes 210a-210n generally denoted 210. When a user wishes to conduct a transaction at one of the nodes 210, the user accesses the node 210 through the Internet 200.
Each node in the fire wall shown in FIG. 2A is configured to understand which fire wall and node to send data packets to given a destination IP address. This may be implemented by providing the fire walls and nodes with a map of all valid IP addresses disposed on its particular private network or another location on the Internet. The map may be in the form of prefix matched up to and including the full IP address.
Also coupled to Internet 200 is a passport server 212 and a passport data base 214. Passport server 212 and passport database 214 may be collectively referred to as a passport agent 216. Users 208 can store certain personal and optional demographic information in passport database 214. The information need only be stored once, and, at the user's option, assigned a security level for each item of information. The information may be stored, for example, as a record or as a file. Thus, passport agent 216 includes a database of user information for each of the users who wish to utilize the services of passport agent 216. The information for each particular user is stored in a particular data structure referred to as a passport.
Passport agent 216 may be provided, for example, as an object-oriented database management system (DBMS), a relational data base management system (e.g. DB2, SQL, etc.) or another conventional data base package which includes a security/authentication function. Thus, the database can be implemented using object-oriented technology or via text files which utilize a security system.
Referring now to FIG. 2B, in general overview, the passport system operates in the following manner. User 208 who wishes to conduct a transaction at web site 210 requests that passport agent 216 release specific user information to web site 210. The request is made as an encrypted message to passport agent 216. Passport agent 216 has previously been provided a key with which to decrypt the encrypted message from user 208. Passport agent 216 decrypts the request from user 208 to determine, inter alia, the particular web site to which a passport of the user 208 should be sent.
Passport agent 216 then provides encrypted data to the particular web site here denoted as web site 210. User 208 has previously provided to web site 210 a public key with which web site 210 can decode the encrypted data provided by passport agent 216.
The web site 210 receives the encrypted user information (i.e. the passport) from passport agent 216 and unlocks the message using the public key provided by the user 208. If the web site 210 is unable to unlock any of the environment variables in the passport, the request is ignored, as explained hereinafter.
It should be noted that user 208 can provide to web site 210 one of several public keys which allow web site 210 to unlock data having one of several security levels. For example, user 208 may have a first key which unlocks confidential user information in the user passport, a second key which unlocks secret user information in the user passport and a third key which unlocks top secret user information in the user passport. Thus, to unlock all the data in the passport, user 208 would have to provide to web site 210 all three keys.
Referring now to FIG. 3, a transmission packet 300 includes a header portion 301, having IP source address 302 and destination address 303, and a passport portion 304, having a data structure which includes fields 305, 306, and 308.
First data field 305 may contain two classes of data. The first class of information corresponds to real information about a user such as the user's real name, address, credit card information, social security number, etc. The real information is typically highly sensitive in nature and is closely guarded by the user. The first class of information is thus typically encrypted and is available only at the user's discretion. As mentioned above in conjunction with FIG. 2B, the user has a public key which the user can provide to others coupled to a network. The holder of the key can decrypt the user information.
The second class of information included in first data field 305 is virtual information. The virtual information is created and selected by the user. Virtual information includes items such as a virtual (i.e. not real) identification that can be used when visiting web sites and other Internet locations, browsing show rooms on the Internet, etc. This information may or may not be encrypted as per the user's wish. Virtual information may thus include information the user perceives as not confidential in nature and may include the user's preferences, tastes, goals for visiting web sites, etc., yet the user may want to consider it private although not confidential. It should be noted that the term "visiting a web site" generally refers to a method of requesting a document from a web server.
At the user's option, virtual information can be converted to real information via a menu selection. In that event, the selected virtual information becomes restricted (e.g. encrypted) and is no longer publicly available to others on the web.
For example, John Doe, a real user on the Internet, chooses to travel the Internet and be known by the name Jane Doe. Further, John Doe wants to present himself through a picture of a site list when visiting an Internet site or when communicating with other users on the Internet. John Doe's passport contains optional information that he is a classical music buff. Thus, with the passport method, the user is allowed to present himself as the real person he is when required and as a virtual person on occasions where he wants to assume that virtual identity.
The passport 304 includes a second field corresponding to a security level field 306. A security level is assigned to each item of user information included in the passport data field 305. Thus, for example, if data in field 305 is assigned a security level of 0 then the data is clear. Alternatively, if the data is assigned a security level of 1 then the data is secured via a security technique such as an encryption technique. The passport 304 also includes a key field 308. One or more keys for encryption and decryption may be stored in key field 308.
Referring to FIG. 4, a flow diagram illustrating the process steps to create a passport is shown. Coding of the process steps of the flowchart of FIG. 4 into instructions suitable to control the computer systems in the passport agent 216 and the user system 208 will be understood by those having ordinary skill in the art of programming. First, the user sends a request to generate a passport to passport agent 216, as illustrated by process step 400. The passport agent receives the request, as illustrated by process step 402, and opens a secure communication channel between the passport agent and the requesting user, as illustrated by process 404. Passport agent 216 then presents to the user a series of queries which may be in the form of menus, as illustrated by process block 406. In response, the user enters the requested information such as social security number, driver's license number, etc., and a corresponding level of security to protect the information item, as illustrated by process blocks 408 and 410. The user specified information is referred to herein as user information or environmental variables. The security levels assigned to each item of user information or environment variables range from highly secure to public. For example, particularly sensitive information may be designated as highly secured and assigned a high security level of 100 on an exemplary scale of 0-100 levels. Less sensitive information may be designated as less secured or even public and assigned a lower security level approaching or equal to zero. Next, passport agent 216 provides a public key to the user to access the passport data, as illustrated by process 418. Finally, the user's information which collectively comprises the Internet passport is stored and maintained in a highly secured server site on the Internet which serves as the passport agent and guarantees the integrity of the user's passport, as illustrated by process block 420.
Security keys are delivered to the passport requestor also in a secure manner. As mentioned above, several security keys may be given to a user, such that access to information may be granted at various levels such as real-ID (very secure), virtual-ID and less private information classes. In this manner, the passport agent protects the passport information provided by the user.
When the passport agent sends passport information to the web server on behalf of the passport holder, the private key is used to encrypt the specific information authorized by the passport holder. When the vendor's server receives passport data from the passport agent, one of the public keys sent by the user is used to unlock the passport data. If the public key does not unlock the passport data, the vendor's server simply ignores the user's request.
A security level is also used to assign an encryption key based on a user's password. The encryption method uses the concept of public and private keys so that the public key is given to the user to access passport data and the passport agent presents the encrypted user data based on the private key. No one but the passport agent on the Internet has access to the private key. The passport owner has a copy of the public key.
Referring now to FIG. 5, a flowchart illustrating the process steps for providing access to a user's internet passport via passport agent is illustrated. The coding of the process steps of the flowchart of FIG. 5 into instructions suitable to control passport agent 216, web site 210 and user 208 will be understood by those of ordinary skill in the art of programming. First, the user requests a transaction with a particular vendor, i.e., web site 210, as illustrated by process block 502. Next, the user provides a public key to the vendor, as illustrated in process block 504. The public key was previously provided to the user by passport agent 216. Next, the user requests that passport agent 216 send the user's passport to the vendor, as illustrated by process block 506. This message is encrypted with a security key obtained by the user via a secured method. The vendor requests relevant information contained in the user environment variables from the passport agent, as illustrated by process block 508. The request for information is specified in the message as follows: RELEASE-TYPE TO INTERNET-SITE ON BEHALF OF MY-USER-ID. For example, when requesting the passport agent to release social security number information, the message looks like: RELEASE SOCIAL-SECURITY-NUMBER TO WEB-SITE-X ON BEHALF OF MY-USER-ID. Passport agent 216 receives the request for the information, as illustrated by process block 510 and, based on the security level of the identified information, determines whether or not the requested information should be transmitted to the vendor in encrypted form, as illustrated by decisional block 512. If the information is to be encrypted, an encryption process is carried out by passport agent 216, as illustrated by process block 514.
If the data is encrypted, the private key is used to encrypt the contents of the user environment variables. The encrypted data contains the name of the user environment variable and its assigned value. Otherwise, the requested information is sent to the vendor by passport agent 216, as illustrated by process block 516. When the vendor, i.e. the web server, receives passport data from the passport agent 216, and such user information is encrypted, the public key sent by the user is used to unlock and decrypt the passport data, as illustrated by the decisional block 518 and process block 520. If the public security key does not unlock the passport data, the vendor simply ignores the user's request. Next, the user's information is authenticated by the vendor, e.g. verified with an on-line financial database etc., in a manner understood by those reasonably skilled in the arts, as illustrated by process block 522. Finally, once the information has been authenticated the vendor is able to complete the transaction, as illustrated by process block 524.
In the exemplary embodiment, both the passport agent and the web site of the vendor subscribe to the protocol which enables them to participate in the passport system contemplated herein. Further, the public and private keys described herein may be encrypted using a double keying encryption technique currently known in the art.
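The release flow of FIG. 5, together with the per-level keys described for FIG. 2B, as an added Python example that is not code from the patent. Assumptions: the tier boundaries (0 clear, 1-33 confidential, 34-66 secret, 67-100 top secret) and all function and class names are hypothetical, and a symmetric encrypt-then-MAC construction built from the standard library stands in for the patent's public/private key pair.

```python
import hashlib
import hmac
import os
import re

# Message grammar quoted in the description:
#   RELEASE <ITEM> TO <INTERNET-SITE> ON BEHALF OF <USER-ID>
RELEASE_RE = re.compile(
    r"RELEASE (?P<item>[A-Z0-9-]+) TO (?P<site>[A-Z0-9-]+) "
    r"ON BEHALF OF (?P<user>[A-Z0-9-]+)"
)
# Assumed mapping of the 0-100 scale onto three key tiers; level 0 is clear.
TIERS = ((0, "clear"), (33, "confidential"), (66, "secret"), (100, "top-secret"))


def parse_release(message):
    """Return (item, site, user); raise ValueError on anything off-grammar."""
    m = RELEASE_RE.fullmatch(message.strip())
    if m is None:
        raise ValueError("malformed release request")
    return m.group("item"), m.group("site"), m.group("user")


def tier_for(level):
    if not 0 <= level <= 100:
        raise ValueError("security level outside 0-100")
    return next(name for upper, name in TIERS if level <= upper)


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream: stand-in cipher, stdlib only.
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(_prf(key, b"enc" + nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt-then-MAC, so a wrong key is detected instead of yielding noise."""
    nonce = os.urandom(16)
    body = _xor_stream(key, nonce, plaintext)
    return nonce + body + _prf(key, b"mac" + nonce + body)


def unseal(key, blob):
    """Return the plaintext, or None when the key does not unlock the blob."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac" + nonce + body)):
        return None
    return _xor_stream(key, nonce, body)


class PassportAgent:
    def __init__(self):
        self.passports = {}  # user id -> {item name: (value, security level)}
        self.tier_keys = {}  # user id -> {tier name: key}

    def register(self, user, items):
        """Store the passport and return the tier keys handed to the user."""
        for _value, level in items.values():
            tier_for(level)  # reject out-of-range levels at registration
        self.passports[user] = dict(items)
        self.tier_keys[user] = {name: os.urandom(32) for _, name in TIERS[1:]}
        return dict(self.tier_keys[user])

    def release(self, message):
        """Blocks 510-516: look up the item, encrypt only if its level says so."""
        item, site, user = parse_release(message)
        if item not in self.passports.get(user, {}):
            raise KeyError(f"{user} has no passport item {item}")
        value, level = self.passports[user][item]
        tier = tier_for(level)
        payload = f"{item}={value}".encode()  # variable name and assigned value
        if tier == "clear":
            return site, tier, payload
        return site, tier, seal(self.tier_keys[user][tier], payload)


def vendor_open(tier, blob, keys_from_user):
    """Blocks 518-520: unlock with a key the user supplied, else ignore (None)."""
    if tier == "clear":
        return blob.decode()
    key = keys_from_user.get(tier)
    plain = unseal(key, blob) if key is not None else None
    return None if plain is None else plain.decode()


if __name__ == "__main__":
    agent = PassportAgent()
    keys = agent.register("MY-USER-ID", {"SOCIAL-SECURITY-NUMBER": ("000-00-0000", 100)})  # constructed
    site, tier, blob = agent.release(
        "RELEASE SOCIAL-SECURITY-NUMBER TO WEB-SITE-X ON BEHALF OF MY-USER-ID")
    print(vendor_open(tier, blob, {"confidential": keys["confidential"]}))  # wrong tier
    print(vendor_open(tier, blob, keys))  # all three keys
```

A vendor holding only a lower-tier key gets `None` for a higher-tier item, which corresponds to the "ignore the request" branch in the description.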
As indicated heretofore, aspects of this invention pertain to specific "method functions" implementable on computer systems. Those skilled in the art should readily appreciate that programs defining these functions can be delivered to a computer in many forms; including, but not limited to: (a) information permanently stored on non-writable storage media (e.g., read only memory devices within a computer or CD-ROM disks readable by a computer I/O attachment); (b) information alterably stored on writable storage media (e.g., floppy disks and hard drives); or (c) information conveyed to a computer through communication media such as telephone networks. It should be understood, therefore, that such media, when carrying such information, represent alternate embodiments of the present invention.
Having described preferred embodiments of the invention, it will now become apparent to one of ordinary skill in the art that other embodiments incorporating their concepts may be used.
For example, it should be noted that in the particular embodiment described above in conjunction with FIG. 2A, passport security is provided via a public key-private key encryption technique. In other embodiments, however, passport security may be provided by other techniques. For example, the system may be made secure by using a so-called SSL system in which a server is certified with the SSL system and a client browser (e.g. a Netscape browser) establishes a connection with the certified server. Security in the connection is established via methods provided by a security system provider such as VeriSign, for example. Thus, in this particular technique, the client browser is provided having the appropriate authentication codes and the browser determines whether it is receiving appropriate verification/authentication signals. Such security may be provided, for example, on a per session basis, on connections established between a client and the certified server. It should also be recognized that other encryption techniques such as the Data Encryption Standard (DES) and the Pretty Good Privacy (PGP) system can also be used.
It is felt therefore that these embodiments should not be limited to disclosed embodiments, but rather should be limited only by the spirit and scope of the appended claims.
|U.S. Classification||705/76, 380/30, 726/4, 380/43, 705/64, 713/182, 705/78, 713/185, 705/67, 713/167, 713/171, 713/156, 713/155|
|International Classification||H04L29/06, H04L29/08|
|Cooperative Classification||H04L67/306, H04L63/061, G06Q20/3674, G06Q20/382, H04L63/105, G06Q20/0855, H04L63/0442, H04L63/102, G06Q20/3821|
|European Classification||H04L63/04B2, H04L63/10D, G06Q20/3821, G06Q20/382, H04L63/10B, G06Q20/3674, G06Q20/0855, H04L63/06A|
|Dec 6, 1996||AS||Assignment|
Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:FORTENBERRY, KEITH N.;RODRIQUEZ, HERMAN;REEL/FRAME:008346/0409;SIGNING DATES FROM 19961022 TO 19961116
|Dec 23, 2002||FPAY||Fee payment|
Year of fee payment: 4
|Jan 10, 2007||FPAY||Fee payment|
Year of fee payment: 8
|Jun 21, 2011||FPAY||Fee payment|
Year of fee payment: 12
|Jul 12, 2011||AS||Assignment|
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:026664/0866
Effective date: 20110503
Owner name: GOOGLE INC., CALIFORNIA